package com.example.blog.config;



import java.net.InetAddress;
import java.security.Permission;

public class RestrictedSecurityManager extends SecurityManager {

    @Override
    public void checkPermission(Permission perm) {
        // 允许一些基本操作，但可以添加额外的限制
        // 这里默认是允许所有基本权限
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        // 对特定上下文进行权限检查
        // 这里默认是允许所有基本权限
    }

    @Override
    public void checkExec(String cmd) {
        // 允许执行 `javac` 和 `java` 命令，用于编译和执行代码
        if (cmd.startsWith("javac") || cmd.startsWith("java")) {
            return; // 允许这些命令执行
        }
        // 对于其他命令，依旧抛出异常
        throw new SecurityException("Executing external commands is not allowed");
    }


    @Override
    public void checkRead(String file) {
        // 限制文件读取，仅允许读取指定目录中的文件，例如临时目录 /tmp/
        if (file != null && !file.startsWith("/tmp/")) {
            throw new SecurityException("File read access is not allowed: " + file);
        }
    }

    @Override
    public void checkWrite(String file) {
        // 限制文件写入，仅允许写入指定目录中的文件，例如临时目录 /tmp/
        if (file != null && !file.startsWith("/tmp/")) {
            throw new SecurityException("File write access is not allowed: " + file);
        }
    }

    @Override
    public void checkDelete(String file) {
        // 禁止删除文件，保护系统文件安全
        throw new SecurityException("Deleting files is not allowed");
    }

    @Override
    public void checkExit(int status) {
        // 禁止退出JVM，防止用户代码试图终止整个系统
        throw new SecurityException("Exiting the JVM is not allowed");
    }

    @Override
    public void checkLink(String lib) {
        // 禁止加载本地库文件
        throw new SecurityException("Loading native libraries is not allowed");
    }

    @Override
    public void checkAccess(Thread t) {
        // 限制对线程的访问，防止用户代码试图管理系统线程
        if (t != Thread.currentThread()) {
            throw new SecurityException("Accessing other threads is not allowed");
        }
    }

    @Override
    public void checkAccess(ThreadGroup g) {
        // 限制对线程组的访问
        throw new SecurityException("Accessing thread groups is not allowed");
    }

    @Override
    public void checkCreateClassLoader() {
        // 禁止用户创建自定义类加载器，防止加载未受信任的代码
        throw new SecurityException("Creating class loaders is not allowed");
    }

    @Override
    public void checkConnect(String host, int port) {
        // 禁止网络连接，防止用户代码连接外部网络
        throw new SecurityException("Network connections are not allowed");
    }

    @Override
    public void checkConnect(String host, int port, Object context) {
        // 禁止网络连接，防止用户代码连接外部网络（上下文相关）
        throw new SecurityException("Network connections are not allowed");
    }

    @Override
    public void checkListen(int port) {
        // 禁止打开服务器端口，防止用户代码启动网络服务
        throw new SecurityException("Listening on ports is not allowed");
    }

    @Override
    public void checkAccept(String host, int port) {
        // 禁止接收网络连接
        throw new SecurityException("Accepting network connections is not allowed");
    }

    @Override
    public void checkMulticast(InetAddress maddr) {
        // 禁止多播
        throw new SecurityException("Multicast is not allowed");
    }

    @Override
    public void checkPropertiesAccess() {
        // 禁止访问系统属性，防止用户代码读取系统敏感信息
        throw new SecurityException("Accessing system properties is not allowed");
    }

    @Override
    public void checkPropertyAccess(String key) {
        // 禁止访问特定系统属性
        throw new SecurityException("Access to system property '" + key + "' is not allowed");
    }

    @Override
    public void checkPrintJobAccess() {
        // 禁止打印任务
        throw new SecurityException("Printing is not allowed");
    }

    @Override
    public void checkPackageAccess(String pkg) {
        // 允许访问核心Java包，防止阻止正常的Java运行时行为
        if (pkg.startsWith("java.") || pkg.startsWith("javax.") || pkg.startsWith("sun.") || pkg.startsWith("com.sun.")) {
            return; // 允许访问这些包
        }
    }

    @Override
    public void checkPackageDefinition(String pkg) {
        // 限制用户定义自己的包
        throw new SecurityException("Defining packages is not allowed");
    }
}
